News

Date: 2017-01-05

FTC goes after D-Link for shoddy security in routers, cameras

Security experts have been warning about the dangers of poorly secured IoT products

A D-Link advertisement claims the product was secure, but the FTC says the ad was deceptive. 

The U.S. Federal Trade Commission is cracking down on D-Link for selling wireless routers and internet cameras that can easily be hacked, the regulator said Thursday.

Thousands of consumers are at risk, the FTC said in a complaint filed against the Taiwanese manufacturer, charging D-Link with repeatedly failing to take reasonable measures to secure the products.

The action comes as hackers have been hijacking poorly secured internet-connected products to launch massive cyberattacks that can force websites offline. Recently, the notorious Mirai malware has been found infecting routers, cameras, and DVRs built with weak default passwords.

In D-Link's case, the company said its products are "easy to secure" and offer "advanced network security." But in reality, the devices contained preventable security flaws open to easy exploitation, the FTC alleged.

Among those flaws were guessable login credentials embedded in D-Link camera software, using the word "guest" for both the username and password. 

D-Link also failed to patch vulnerabilities in the product software, including a command injection flaw that would have given hackers remote control over a device.

"We can’t say whether we will take action against similar companies," an FTC spokesman said on Thursday.

However, shoddy security has also been found in numerous IoT products in recent years, and security experts have been urging the U.S. government to issue tough regulations to stop the problem.

In D-Link’s case, the security flaws could have paved the way for hackers to spy on consumers and steal their data via a compromised web camera or internet router, the FTC claims. 

However, the Taiwanese company said it denies all the allegations found in the FTC's complaint and is "taking steps to defend the action."

The FTC's complaint, filed in the U.S. District Court for Northern California, is seeking an injunction against D-Link to prevent further violations.

Besides D-Link, the FTC has gone after PC maker Asus over similar problems found with its routers and cloud computing service. Asus agreed to a settlement with the FTC last February.

Michael Kan covers security for IDG News Service.

